From 070dfe0833ff2f26539907e564bc228b4cab5510 Mon Sep 17 00:00:00 2001
From: Sascha Schumann <sas@php.net>
Date: Sat, 21 Aug 1999 20:48:40 +0000
Subject: [PATCH] - add session.extern_referer_chk - use combined lcg in
 session id creation

---
 ChangeLog                 |  3 +++
 ext/session/php_session.h |  1 +
 ext/session/session.c     | 37 ++++++++++++++++++++++++++++++++-----
 3 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1416f6846b..df28824160 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,9 @@ PHP 4.0 CHANGE LOG                                                    ChangeLog
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 
 ?? ?? 1999, Version 4.0 Beta 3
+- Added session.extern_referer_chk which checks whether session ids were
+  referred to by an external site and eliminates them (Sascha)
+- Improved session id generation (Sascha)
 - Improved speed of uniqid() by using the combined LCG and removing
   the extra usleep() (Sascha)
 - Introduced general combined linear congruential generator (Sascha)
diff --git a/ext/session/php_session.h b/ext/session/php_session.h
index d16909762e..5964d69d82 100644
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -82,6 +82,7 @@ typedef struct {
 	char *save_path;
 	char *session_name;
 	char *id;
+	char *extern_referer_chk;
 	int lifetime;
 	ps_module *mod;
 	void *mod_data;
diff --git a/ext/session/session.c b/ext/session/session.c
index 6de13d632d..d038223545 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -19,11 +19,8 @@
 
 /*
  * TODO:
- * - improve session id creation to avoid collisions
- *   (make use of mersenne twister, other data such as IP, browser etc.)
  * - add complete support for objects (partially implemented)
  * - userland callback functions for ps_module
- * - write documentation
  * - write ps_module utilizing shared memory (mm)
  */
 #if !(WIN32|WINNT)
@@ -40,7 +37,7 @@
 #include "ext/standard/md5.h"
 #include "ext/standard/php3_var.h"
 #include "ext/standard/datetime.h"
-
+#include "ext/lcg/php_lcg.h"
 
 #ifdef ZTS
 int ps_globals_id;
@@ -74,6 +71,7 @@ PHP_INI_BEGIN()
 	PHP_INI_ENTRY("session.gc_maxlifetime", "1440", PHP_INI_ALL, NULL)
 	PHP_INI_ENTRY("session.lifetime", "0", PHP_INI_ALL, NULL)
 	PHP_INI_ENTRY("session.serialize_handler", "php", PHP_INI_ALL, NULL)
+	PHP_INI_ENTRY("session.extern_referer_chk", "", PHP_INI_ALL, NULL)
 PHP_INI_END()
 
 PS_SERIALIZER_FUNCS(php);
@@ -223,7 +221,7 @@ static char *_php_create_id(int *newlen)
 	gettimeofday(&tv, NULL);
 	PHP3_MD5Init(&context);
 	
-	sprintf(buf, "%ld%ld", tv.tv_sec, tv.tv_usec);
+	sprintf(buf, "%ld%ld%0.8f", tv.tv_sec, tv.tv_usec, php_combined_lcg() * 10);
 	PHP3_MD5Update(&context, buf, strlen(buf));
 
 	PHP3_MD5Final(digest, &context);
@@ -339,6 +337,9 @@ static void _php_session_start(PSLS_D)
 
 	lensess = strlen(PS(session_name));
 	
+	/* check whether a symbol with the name of the session exists
+	   in the global symbol table */
+	
 	if(!PS(id) &&
 			zend_hash_find(&EG(symbol_table), PS(session_name),
 				lensess + 1, (void **) &ppid) == SUCCESS) {
@@ -347,6 +348,10 @@ static void _php_session_start(PSLS_D)
 		send_cookie = 0;
 	}
 
+	/* if the previous section was successful, we check whether
+	   a symbol with the name of the session exists in the global
+	   HTTP_COOKIE_VARS array */
+
 	if(!send_cookie &&
 			zend_hash_find(&EG(symbol_table), "HTTP_COOKIE_VARS",
 				sizeof("HTTP_COOKIE_VARS"), (void **) &data) == SUCCESS &&
@@ -356,6 +361,10 @@ static void _php_session_start(PSLS_D)
 		define_sid = 0;
 	}
 
+	/* check the REQUEST_URI symbol for a string of the form
+	   '<session-name>=<session-id>' to allow URLs of the form
+       http://yoursite/<session-name>=<session-id>/script.php */
+
 	if(!PS(id) &&
 			zend_hash_find(&EG(symbol_table), "REQUEST_URI", 
 				sizeof("REQUEST_URI"), (void **) &data) == SUCCESS &&
@@ -368,6 +377,22 @@ static void _php_session_start(PSLS_D)
 		if((q = strpbrk(p, "/?\\")))
 			PS(id) = estrndup(p, q - p);
 	}
+
+	/* check whether the current request was referred to by
+	   an external site which invalidates the previously found id */
+	
+	if(PS(id) && 
+			PS(extern_referer_chk)[0] != '\0' &&
+			zend_hash_find(&EG(symbol_table), "HTTP_REFERER",
+				sizeof("HTTP_REFERER"), (void **) &data) == SUCCESS &&
+			(*data)->type == IS_STRING &&
+			(*data)->value.str.len != 0 &&
+			strstr((*data)->value.str.val, PS(extern_referer_chk)) == NULL) {
+		efree(PS(id));
+		PS(id) = NULL;
+		send_cookie = 1;
+		define_sid = 1;
+	}
 	
 	if(!PS(id)) {
 		PS(id) = _php_create_id(NULL);
@@ -643,6 +668,7 @@ static void php_rinit_session_globals(PSLS_D)
 	PS(session_name) = estrdup(INI_STR("session.name"));
 	PS(gc_probability) = INI_INT("session.gc_probability");
 	PS(gc_maxlifetime) = INI_INT("session.gc_maxlifetime");
+	PS(extern_referer_chk) = estrdup(INI_STR("extern_referer_chk"));
 	PS(id) = NULL;
 	PS(lifetime) = INI_INT("session.lifetime");
 	PS(nr_open_sessions) = 0;
@@ -653,6 +679,7 @@ static void php_rshutdown_session_globals(PSLS_D)
 {
 	if(PS(mod_data))
 		PS(mod)->close(&PS(mod_data));
+	efree(PS(extern_referer_chk));
 	efree(PS(save_path));
 	efree(PS(session_name));
 	if(PS(id)) efree(PS(id));
-- 
2.50.0